PT-2020-6758 · Zyxel · Zyxel Cloudcnm Secumanager
Alexandre Torres +2
Published: 2020-06-26
Updated: 2022-10-27
CVE-2020-15347
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1
Description
The issue is related to insufficient protection of credentials in the Zyxel CloudCNM SecuManager software, which can allow a remote attacker to gain full access to devices on the network. The axiros account has a hardcoded password q6xV4aW8bQ4cfD-b.
Recommendations
For Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, consider changing the password for the axiros account to prevent unauthorized access.
As a temporary workaround, restrict access to the axiros account until a patch is available.
Avoid using the default password q6xV4aW8bQ4cfD-b for the axiros account in the affected software.
Exploit
Fix
Insufficiently Protected Credentials
Affected Products
Zyxel Cloudcnm Secumanager